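form = auth::get_login_form("login/auth_ajax");
    print $view;
  }

  /**
   * Handle a login form submitted over AJAX.
   *
   * Verifies the CSRF token first, then runs the shared authentication
   * routine. Prints a JSON object: {"result": "success"} on success, or
   * {"result": "error", "form": "<rendered form>"} so the client can show
   * the form again with its validation errors.
   */
  public function auth_ajax() {
    access::verify_csrf();

    list ($valid, $form) = $this->_auth("login/auth_ajax");
    if ($valid) {
      print json_encode(array("result" => "success"));
    } else {
      // The form is cast to a string so its markup travels inside the JSON payload.
      print json_encode(array("result" => "error", "form" => (string) $form));
    }
  }

  /**
   * Print the login form for the non-AJAX flow; it posts to login/auth_html.
   */
  public function html() {
    print auth::get_login_form("login/auth_html");
  }

  /**
   * Handle a login form submitted as a regular (non-AJAX) request.
   *
   * Verifies the CSRF token first. On success the browser is redirected to
   * the absolute URL of the root item; on failure the form is printed again
   * with its errors.
   */
  public function auth_html() {
    access::verify_csrf();

    list ($valid, $form) = $this->_auth("login/auth_html");
    if ($valid) {
      url::redirect(item::root()->abs_url());
    } else {
      print $form;
    }
  }

  /**
   * Validate the submitted login form and, if the credentials check out,
   * log the user in.
   *
   * The session id is regenerated on every call, whether or not the login
   * succeeded.
   *
   * @param string $url  action URL passed to auth::get_login_form()
   * @return array       array($valid, $form): the validation result and the
   *                     form object, which carries any errors
   */
  private function _auth($url) {
    $form = auth::get_login_form($url);
    $valid = $form->validate();
    $user = null;

    if ($valid) {
      $name = $form->login->inputs["name"]->value;
      $user = identity::lookup_user_by_name($name);

      // An unknown user and a wrong password take the same path: same log
      // message, same "invalid_login" error on the name field, so the
      // response does not reveal which of the two was wrong.
      // NOTE(review): is_correct_password() is skipped for unknown users;
      // whether that shows up as a timing difference depends on its
      // implementation -- confirm.
      if (empty($user) || !identity::is_correct_password($user, $form->login->password->value)) {
        // NOTE(review): $name is taken straight from the request and ends up
        // in the log; confirm that t() and the log viewer escape it.
        // NOTE(review): no attempt throttling is visible in this method --
        // confirm it is enforced elsewhere.
        log::warning(
          "user",
          t("Failed login for %name", array("name" => $name)));
        $form->login->inputs["name"]->add_error("invalid_login", 1);
        $valid = false;
      }
    }

    if ($valid) {
      auth::login($user);
    }

    // Either way, regenerate the session id to avoid session trapping.
    // This comment must stay on a line of its own: as a trailing "//" comment
    // it would swallow the regenerate() call and the return statement.
    Session::instance()->regenerate();

    return array($valid, $form);
  }
}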